The term “multimedia content” herein designates a content to be displayed on a screen and/or to be played back via speakers. Typically, a multimedia content is a sequence of an audiovisual program such as a television broadcast or a film. To secure the transmission of multimedia contents towards terminals via a public network, the multimedia contents are scrambled with control words and then transmitted on this public network.
More specifically, a control word is a word encoded on several information bits used to scramble a cryptoperiod of the multimedia content. A cryptoperiod is a period of the multimedia content that is scrambled with the same control word and during which the rights of access to this multimedia content are not modified.
Here, the terms “scramble” and “encrypt” are considered to be synonyms. This is also the case for the terms “descramble” and “decrypt”.
To secure the transmission of control words towards terminals by the intermediary of the public network, these control words are also encrypted before transmission, for example with a subscription key Ka.
A security processor is a processor that processes confidential information such as cryptographic keys or cryptographic algorithms. To preserve the confidentiality of this information, such a processor is designed to be as robust as possible against attack attempts conducted by computer hackers. It is therefore more robust against these attacks than other components of the terminal. In many applications, this security processor is detachable, i.e. it can easily be introduced into and removed from the terminal in alternation. In this case, it often takes the form of a chip card.
In the context of the scrambling of multimedia contents, the security processor contains secret information enabling the descrambling of the multimedia content received by a terminal. More specifically, there are two possible modes of operation for this security processor:                either the security processor itself descrambles the multimedia content and transmits the descrambled multimedia content to the terminal,        or the security processor decrypts the control word and transmits the decrypted control word to the terminal.If no precaution is taken, the descrambled multimedia content or the decrypted control word is transmitted in plain or unencrypted form from the security processor to the terminal.        
The term “plain” or “in plain form” designates the state of a piece of information corresponding to its state before it is scrambled or encrypted by secret control words or secret keys. The plain multimedia content or plain control word transmitted on the interface between the security processor and the terminal is vulnerable. Attacks have been devised to exploit this vulnerability. For example, it has been proposed to pick up the plain control word on this interface and then illicitly broadcast it to other terminals.
To overcome this drawback, it has already been proposed to encrypt the multimedia content of the control word transmitted from the security processor to the terminal.
Thus, there are methods for protecting the transmission of a multimedia content or a control word between the security processor and the terminal wherein:
                the security processor builds a current session key SKc by diversification of a root key SK_root as a function of a parameter Pc transmitted by the terminal,        the security processor decrypts the multimedia content or the control word and then encrypts the decrypted multimedia content or the decrypted control word with the current session key SKc and finally transmits the multimedia content or the control word encrypted with the current session key SKc to the terminal, and        the terminal decrypts the multimedia content or the control word encrypted with the built key SKc by means of a secret code Cc−1 to obtain the plain multimedia content or the plain control word.        
For example, a method of this kind is disclosed in the patent application EP 1 867 096. In this prior art method, the parameter Pc is an identifier of the terminal.
However, it can happen that the security of the current session key SKc gets compromised. For example, hacking attempts are made to discover this current session key and/or the root key SK_root from which it has been built.
If the security of the current session key has been compromised, it must be renewed. The renewal of a session key is a lengthy and complicated process. For example, in the system described in the patent application EP 1 867 096, it necessitates the renewal of the root key SK_root in each security processor and the renewal of the cryptogram SK_H* or SK_S* in each terminal. This renewal can only be done individually by addressing each terminal, and this is a particularly lengthy process which cannot be carried out simultaneously for all the terminals. The changing of the session key also calls for the sending of several messages to the same terminal, including especially a message to replace the cryptogram SK_H* or SK_S* and a message to replace the key SK_root. Furthermore, the messages addressed individually to each terminal can easily be filtered so that they are eliminated. Thus, an ill-intentioned user can easily prevent the renewal of his session key.
The prior art also includes the known patents EP0889956A2 and US2009/238363A1.